As a note, DCC Chat won't get your flooded off and you probably don't need to have everything done by the bot, so you can limit the data going back and forth. Anyhow, that was just a possibility I offere.
One possibility you can do is to create some form of check bit in all data being transmitted.
Just like is used in CRC and in Credit Cards and Bar Codes and similar things, you can create a check bit to determine the validity of the data.
For example, if you're sending 5 numbers for data, you'd instead send 6 with the last one being a value to make some mathematical function work properly.
Example:
I'm sending character stats to the server:
I send it as health, mana, gold, experience--
150 75 50000 3418
So that a player can't just send that data to the server using their own numbers, you can add a check bit.
As a simple example, let's say you want the total, when you add the 1st to the 3rd, then multiply by the 2nd, then divide by the 4th, then add your check bit (all that as an integer) and have it equal 100000.
In this case, your check bit would be:
$int((150 + 50000) * 75 / 3418) + X = 100000
Calculated out, it would be:
X = 100000 - $int((150 + 50000) * 75 / 3418)
so...
X = 98900
If someone sent a 5th value that wasn't calculated by the script (and it can only be calculated by the script if the data is valid), you would know that they cheated (or your script broke).
Obviously, the code for calculating that would need to be hidden fairly well. You could use the same method for hiding that one variable as you mentioned above.
This example is for numerical data being sent... but, you can do similar things with alphanumerical data as well.
In the end, if someone really wants to cheat, they'll find a way. This is just a relatively easy method to make it somewhat difficult.
